You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

BitLocker encrypts the page file (swap file), and even encrypts crash-dump
files and hibernation files (things often overlooked). Only the boot files
and portions of metadata are in clear text, none of which provide any
sensitive information.

Because BitLocker was designed in conjunction with Vista, these special
files are handled seamlessly, allowing all the OS functionality you would
expect... securely without requiring special workarounds.

When BitLocker is enabled, it encrypts the volume carefully to ensure that
no data is left unencrypted, and to ensure that if the computer crashes in
the middle of conversion of the volume, it is recoverable.

As I've never installed CompuSec, I can't give you a comparison, but why not
try both out and see which meets your needs better?

Things to consider when comparing products, for example, is if you use a
user-remembered password for boot authentication, how easy is it to crack?
When using TPM+PIN, then the TPM hardware helps mitigate brute-force
attacks, making an easily remembered PIN harder to crack than many password
solutions. The TPM also detects tampering of pre-boot files.

-
Jamie Hunter [MS]

"lvjobhunt" <lvjobhunt@discussions.microsoft.com> wrote in message
news3186967-544F-4776-9FFA-8A123A438E28@microsoft.com...
> Does bitlocker ecrypt the swap file? Is there anything on a bitlocker
> driver
> that can be recovered?
>
> How does this compare to freeware like compusec.

The three .fve blob in system volume information. when you read those
under a live system they are filled with \x00.
The $Boot file is also not encrypted. There are probably other boot
files.
How does BitLocker know which files are encrypted and which are not?

Specifically $BOOT is the first 8K of the disk, and contains information
such as file-system size; unused boot code; and some "snapshot" information.
It also points to the first copy of BitLocker metadata (seehttp://blogs.msdn.com/si_team/archiv...itlocker.aspx).
Each copy of metadata (shadowed by the three .fve files in system volume
information) point to each other. The primary structure is decrypted, but
contains encrypted components. The entire structure has a MAC (Message
Authenticity Check).
The final piece of decrypted data is the backup boot sector at the end of
the volume immediately after the file-system. That's 5 decrypted and easily
identifiable regions in total. None of which contain sensitive information.

An example of decrypted data in the metadata is a label that helps identify
the volume and key labels to help find the recovery key.
An example of encrypted data in the metadata is the VMK (Volume Master Key)
encrypted by an externally provided (or TPM provided) key; and the FVEK
(Full Volume Encryption Key) encrypted by the VMK.

Hope this helps?
-
Jamie Hunter [MS]

"niknik" <niknik.2ipsca@no-mx.vista64.net> wrote in message
news:niknik.2ipsca@no-mx.vista64.net...
>
> The three .fve blob in system volume information. when you read those
> under a live system they are filled with \x00.
> The $Boot file is also not encrypted. There are probably other boot
> files.
> How does BitLocker know which files are encrypted and which are not?
>
>
> --
> niknik
> ------------------------------------------------------------------------
> niknik's Profile: http://vista64.net/forums/member.php?userid=637
> View this thread: http://vista64.net/forums/showthread.php?t=29093
>

you can encrypt other volumes if you use the managebde script. Tread
lightly however is my best advice as you really need to understand what you
are doing here to do it correctly. Be sure to escrow that key.